CVE-2016-10099
Description
Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic protocol used to authenticate the manifest (list of archives), potentially allowing an attacker to spoof the list of archives.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
BorgBackup before 1.0.9 has a cryptographic flaw allowing an attacker with write access to spoof the list of archives, potentially causing data loss.
Vulnerability
Borg (BorgBackup) versions before 1.0.9 have a flaw in the cryptographic protocol used to authenticate the manifest (list of archives). This allows an attacker to spoof the list of archives, potentially causing backup data loss. The vulnerability affects all encryption modes, including "none". [1]
Exploitation
An attacker must have write access to the repository and the ability to insert files into backups. The attack does not require disclosure of plaintext and does not affect the authenticity of existing archives. The attacker can create fake archives, particularly for empty or small archives, to spoof the manifest. [1]
Impact
Successful exploitation allows an attacker to spoof the list of archives, potentially leading to data loss by causing the backup system to treat fake archives as legitimate. The integrity of the backup listing is compromised, but existing archive data remains authentic. [1]
Mitigation
Upgrade to Borg 1.0.9 or later, which fixes the cryptographic authentication flaw. The fix enforces checking the TAM authentication tag of archives. Users should upgrade all clients using the repository and run borg upgrade --check-tam to verify the manifest authentication setup. [1]
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <1.0.9
- Range: <1.0.9
Patches
No patches discovered yet.
References
- borgbackup.readthedocs.io/en/stable/changes.html (nvd: Mitigation, Vendor Advisory)
- www.securityfocus.com/bid/95205 (nvd: Third Party Advisory, VDB Entry)